Dear List members,

during some tests on data security with GeoServer 2.7-rc1 I discovered a strange behaviour that I could not understand:

(All steps performed on a fresh installation)

Test case 1
------------
I created a new role and user and finally configured this single rule for data security (no other rule exists!)

"topp.*.r testrole"

-> Behaves as expected: The user with role "testrole" can now access all layers of Workspace "topp", for example via WMS, and all layers are shown in his Layer preview.
-> Behaves as expected: Unauthorized access via WMS to layers of workspace "topp" gets an HTTP response with status code 404

But if I try to narrow the data security rule:

Test case 2
--------------
I created a new role and user and finally configured this single rule for data security (no other rule exists!)

"topp.states.r testrole"

-> Unexpected behaviour: The user with role "testrole" can now access all layers of Workspace "topp", for example via WMS, and all layers are shown in his Layer preview! I expected only layer states.
-> Unexpected behaviour: Access via WMS to all layers of workspace "topp" is also possible without any authorization!

This data security rule does not seem to have any effect at all.

Could somebody explain this behaviour, or is this a bug? I was not able to find an issue on this bug yet.

Best regards,
Patric Hafner

--
web www.geops.de
rss www.geops.de/blog/feed
follow www.twitter.com/geops

_______________________________________________
Geoserver-devel mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
